prepare requests for participant.controller

8d6a3294 · Fabien Zucchet · 7f47ef4f · 8d6a3294
Commit 8d6a3294 authored 4 years ago by Fabien Zucchet
--- a/back/src/controllers/participant.controller.js
+++ b/back/src/controllers/participant.controller.js
@@ -26,7 +26,8 @@ function getClassementIndividuel(req, res){
    for (const data of result) {
      if (data.id in leader_indiv) {
        if (leader_indiv[data.id].equipes.indexOf(data.equipe_name) == -1) {
-      leader_indiv[data.id].equipes.unshift(data.equipe_name);}
+          leader_indiv[data.id].equipes.unshift(data.equipe_name);
+        }
        leader_indiv[data.id].score += data.score;
        leader_indiv[data.id].nbScores += 1;
      } else {
@@ -90,9 +91,10 @@ function getParticipantsIdentifiants(req, res){

 function getParticipantsById(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "SELECT id,name FROM Participant WHERE deleted = 0 AND id = '"+req.query.id+"' ORDER BY NAME ASC;"
+  var query = "SELECT id,name FROM Participant WHERE deleted = 0 AND id = ? ORDER BY NAME ASC;"
+  var inserts = [req.query.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -104,9 +106,10 @@ function getParticipantsById(req, res){

 function getResultatsPersonnels(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "SELECT  Participant.id as id, Participant.name as name, score, Equipe.name AS equipe_name, createdAt AS date FROM Score  JOIN Participant ON Participant.id=Score.participantId  JOIN Equipe ON Score.equipeId = Equipe.id  WHERE  (Score.deleted = 0 AND ( Participant.deleted=0 AND Participant.id='"+req.query.id+"')) ORDER BY date ASC;"
+  var query = "SELECT  Participant.id as id, Participant.name as name, score, Equipe.name AS equipe_name, createdAt AS date FROM Score  JOIN Participant ON Participant.id=Score.participantId  JOIN Equipe ON Score.equipeId = Equipe.id  WHERE  (Score.deleted = 0 AND ( Participant.deleted=0 AND Participant.id=?)) ORDER BY date ASC;"
+  var inserts = [req.query.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err);
      return res.send(
@@ -151,9 +154,10 @@ function getResultatsPersonnels(req, res){

 function addNewParticipant(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "INSERT INTO `Participant` (`name`) VALUES ('"+req.body.name+"');"
+  var query = "INSERT INTO `Participant` (`name`) VALUES (?);"
+  var inserts = [req.body.name];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -165,9 +169,10 @@ function addNewParticipant(req, res){

 function addNewParticipantWithId(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "INSERT IGNORE INTO `Participant` (`id`, `name`) VALUES ('"+req.body.id+"','"+req.body.name+"');"
+  var query = "INSERT IGNORE INTO `Participant` (`id`, `name`) VALUES (?,?);"
+  var inserts = [req.body.id, req.body.name];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -179,9 +184,10 @@ function addNewParticipantWithId(req, res){

 function updateParticipant(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Participant SET name = '"+req.body.name+"' WHERE id="+req.body.id+";"
+  var query = "UPDATE Participant SET name = ? WHERE id=?;"
+  var inserts = [req.body.name, req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })
@@ -193,9 +199,10 @@ function updateParticipant(req, res){

 function deleteParticipant(req, res) {
  var con = mysql.createConnection(dbConfig);
-  var query = "UPDATE Participant SET deleted = 1 WHERE id='"+req.body.id+"';"
+  var query = "UPDATE Participant SET deleted = 1 WHERE id=?;"
+  var inserts = [req.body.id];
  con.connect();
-  con.query(query, (err, result) => {
+  con.query(query, inserts, (err, result) => {
    if (err) {
      console.log(err)
      return res.send({ success: false })